@milo2012
Created May 22, 2019 04:04
Check SSH Ciphers (works with IPv6)
import logging
import optparse
import os
import socket
import sys

import paramiko
# Terse output: an uncaught exception prints only its final line (no stack
# frames), and the logging module swallows errors raised inside its handlers.
# NOTE(review): this also hides the cause of unexpected failures; relax both
# settings when debugging a scan.
sys.tracebacklimit = 0
logging.raiseExceptions = False

# Module-level result buckets, one per algorithm family (four distinct lists).
acceptedCipherList, acceptedMacList, acceptedKeyList, acceptedKexList = [], [], [], []

# Candidate algorithms offered to the server one at a time. Each family mixes
# current choices with legacy ones (CBC-mode ciphers, MD5 and truncated MACs,
# ssh-dss, SHA-1 / group1 key exchange), so a server that still accepts a
# legacy entry shows up in the results and can be hardened.

# Symmetric ciphers.
cipherList = (
    "aes128-ctr",
    "aes192-ctr",
    "aes256-ctr",
    "aes128-cbc",
    "aes192-cbc",
    "aes256-cbc",
    "blowfish-cbc",
    "3des-cbc",
)

# Message authentication codes.
preferred_macs = (
    "hmac-sha2-256",
    "hmac-sha2-512",
    "hmac-sha1",
    "hmac-md5",
    "hmac-sha1-96",
    "hmac-md5-96",
)

# Host key types.
preferred_keys = (
    "ssh-ed25519",
    "ecdsa-sha2-nistp256",
    "ecdsa-sha2-nistp384",
    "ecdsa-sha2-nistp521",
    "ssh-rsa",
    "ssh-dss",
)

# Key exchange methods.
preferred_kex = (
    "ecdh-sha2-nistp256",
    "ecdh-sha2-nistp384",
    "ecdh-sha2-nistp521",
    "diffie-hellman-group-exchange-sha256",
    "diffie-hellman-group-exchange-sha1",
    "diffie-hellman-group14-sha1",
    "diffie-hellman-group1-sha1",
)

# TCP port every probe connects to.
port = 22

# Login values defined for the probe. The password looks like a deliberate
# throwaway (TODO confirm); never substitute credentials of a real account.
username = 'root'
password = 'root12312312321'
command = 'whoami'

# Targets to scan; filled from the command line.
ipList = []
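# Seconds to wait for the TCP connection before giving up on a host.
_CONNECT_TIMEOUT = 10

# (SecurityOptions attribute, candidate algorithms), in the order the result
# lists are printed: ciphers, MACs, host key types, key exchange methods.
_PROBE_PLAN = (
    ("ciphers", cipherList),
    ("digests", preferred_macs),
    ("key_types", preferred_keys),
    ("kex", preferred_kex),
)


def _handshake_succeeds(hostname, option_name, algorithm):
    """Report whether the server completes an SSH handshake limited to one algorithm.

    Only the transport-level negotiation is performed. No login is attempted
    and no command is run, so the result does not depend on the server's
    authentication settings, and the module-level username/password/command
    values are not used. The host key is not verified because nothing is
    authenticated or sent over the session.

    Args:
        hostname: IPv4/IPv6 address or name of the server.
        option_name: SecurityOptions attribute to restrict
            ("ciphers", "digests", "key_types" or "kex").
        algorithm: the single algorithm name to offer for that attribute.

    Returns:
        True when negotiation completes, False when the server refuses the
        offer or drops the connection during the handshake.

    Raises:
        socket.error: the TCP connection could not be established.
        ValueError: the installed paramiko does not implement ``algorithm``.
    """
    sock = socket.create_connection((hostname, port), _CONNECT_TIMEOUT)
    try:
        transport = paramiko.Transport(sock)
        try:
            # Restrict this one transport instead of overwriting the
            # Transport._preferred_* class attributes: a class-level change
            # would stay in force for every later probe and make the other
            # algorithm families depend on the last value tested.
            setattr(transport.get_security_options(), option_name, (algorithm,))
            transport.start_client()
            return True
        except paramiko.SSHException:
            # Negotiation failed: no common algorithm with this offer.
            return False
        except (EOFError, socket.error) as e:
            # Ambiguous: the peer went away mid-handshake (could be a refusal
            # or connection throttling), so report it rather than hide it.
            print("[!] " + hostname + " dropped the connection while testing "
                  + algorithm + ": " + str(e))
            return False
        finally:
            transport.close()
    finally:
        # Transport.close() is a no-op on a transport that never started, so
        # close the socket explicitly; closing twice is harmless.
        sock.close()


def _audit_host(hostname):
    """Probe one host for every candidate algorithm and print what it accepts.

    One list is printed per algorithm family, and only when it is non-empty.
    Results are collected per host, so earlier hosts never leak into later
    output.
    """
    print("\n[*] Checking: " + hostname)
    for option_name, candidates in _PROBE_PLAN:
        accepted = []
        reachable = True
        for algorithm in candidates:
            try:
                if _handshake_succeeds(hostname, option_name, algorithm):
                    accepted.append(algorithm)
            except socket.error as e:
                print("[!] Cannot connect to " + hostname + ": " + str(e)
                      + " (results for this host are incomplete)")
                reachable = False
                break
            except ValueError:
                print("[!] Local paramiko does not implement " + algorithm
                      + "; not tested")
            except Exception as e:
                print(e)
        if accepted:
            print(accepted)
        if not reachable:
            return


if __name__ == "__main__":
    parser = optparse.OptionParser()
    parser.add_option('-i', action="store", dest="ip", help="IPv4/IPv6")
    parser.add_option('-f', action="store", dest="filename", help="File containing list of IP addresses")
    options, remainder = parser.parse_args()
    if len(sys.argv) == 1:
        parser.print_help()
        # sys.exit flushes stdout, so the help text is not lost when piped.
        sys.exit(1)
    if options.ip:
        ipList.append(options.ip)
    if options.filename:
        # Add to (rather than replace) a target given with -i, and skip blank
        # lines and stray carriage returns in the list file.
        with open(options.filename) as handle:
            ipList.extend(entry.strip() for entry in handle if entry.strip())
    for hostname in ipList:
        _audit_host(hostname)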